If you're talking about your customers' detailed demographic or billing info, I agree that it doesn't belong in any of these three systems. But why would it be there? Do you blog your customers' names, store their addresses on your iPhone, or email their credit card numbers? If so, fail. This data should be in isolated systems that are designed for the bare minimum required controlled access, if it should be anywhere in your organization. If you can't find a SaaS vendor that provides this in a form you can use, then you have to build your own at AWS, a shared host, a VPS, or something like that. These vendors have much better security stories.